| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The official .deb package is always built with apparmor support, so use
`--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in
order to reduce redundancy.
Note that custom configure options may be specified by calling
./mkdeb.sh directly.
For example, to build the .deb package without apparmor support, instead
of running `make deb`, the following commands can be used:
make dist
./mkdeb.sh --disable-apparmor
Also, change the `build_apparmor` GitLab CI job into
`build_no_apparmor`, which is intended to check that building without
apparmor still works.
Note: This commit makes the resulting .deb package not have an
"-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid
redundancy (as having apparmor support becomes the default).
Misc: This is a follow-up to #5654.
Relates to #5154 #5176 #5547.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "deb" target depends on the "dist" target, which creates an archive
from DISTFILES.
The arguments to ./configure are misleading, as they do not affect the
archive that is used by `make deb`. That is the case because the
configure output files (config.mk and config.sh) are not copied into the
dist archive, only their input files (config.mk.in and config.sh.in).
In order to affect the .deb package, the configure arguments have to be
passed to mkdeb.sh, which then forwards them to ./configure itself.
Note: This does not apply to the rpm-based jobs, as `make rpms` uses the
files directly rather than using the dist archive.
Relates to #5154.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix #772.
Relates to #1205 #3414 #5148.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "build_apparmor" job was added on commit 342e71cd8 ("Add
deb-apparmor build to Gitlab CI", 2019-01-26). It would call
`./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor`
directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to
the linker.
Later, commit 87e7b3139 ("Configure Debian package with AA and SELinux
options", 2020-05-13) / PR #3414 merged mkdeb.sh and mkdeb-apparmor.sh
into mkdeb.sh.in, which does not always pass `--enable-apparmor` to
./configure directly. Instead, it adds `--enable-apparmor` depending on
whether the `$HAVE_APPARMOR` environment variable is set, which would be
done by a previous run of ./configure with `--enable-apparmor`. Since
on "build_apparmor" ./configure is not run the first time with
`--enable-apparmor`, neither is it on the second time and thus
`-lapparmor` is never passed to the linker. This commit adds
`--enable-apparmor` to the first ./configure run on the ci job, so that
it gets passed to the one being executed on mkdeb.sh as well.
|
|
|
|
|
|
|
| |
To ensure that firejail was actually built with support for it.
Note: This commit intentionally fails on GitLab CI to demonstrate that
the above is currently not the case.
|
|
|
|
|
| |
To ensure that the resulting program actually runs and also to show
which compile-time features it supports.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Likely caused by commit 500a56efd ("more on nettrace", 2022-01-07).
From the build log of "debian_ci" for the above commit[1]:
make[1]: Leaving directory '/builds/Firejail/firejail_ci'
dh_fixperms -Nfirejail
debian/rules override_dh_missing
make[1]: Entering directory '/builds/Firejail/firejail_ci'
dh_missing -pfirejail --fail-missing
dh_missing: warning: etc/firejail/hostnames exists in debian/tmp but is not installed to anywhere
dh_missing: error: missing files, aborting
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/1952432676
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
See
87e7b313997b1d2be6553cfb22fef71b74c84ea6
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add contrib/sort.py to Gitlab CI
Not adding to Debian Jessie or CentOS since python >=3.6 is not
available
See https://github.com/netblue30/firejail/pull/2870
* Updates
Explicitly install python3 on Ubuntu (should be pre-installed but not
working as-is)
Remove running python3 code on CentOS
* ci: comment out contrib/sort.py for Alpine
Getting this error:
$ python3 contrib/sort.py etc/*.{profile,inc}
[ Error ] Can't find `etc/*.{profile,inc}'
ERROR: Job failed: exit code 1
For now it's better to debug later and enable this test for the other
jobs
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Ubuntu:rolling is the latest Ubuntu release (LTS and/or non-LTS).
Since debian:latest already provides a reasonable base for testing
firejail builds on older Debian-based systems, use ubuntu:rolling
to test on relatively new systems.
|
|
Code tests are still run on Travis CI, but distro-specific builds are run on GitLab CI.
Currently these are used:
1. Debian stable
2. Ubuntu latest
3. CentOS latest
4. Fedora latest
5. Alpine
Debian and CentOS are for testing builds on older systems, for *.deb vs *.rpm, respectively.
Ubuntu and Fedora are for testing builds on the latest **stable** systems for *.deb and *.rpm.
Alpine is used to test building/installing from source.
All run concurrently.
In the future may expand tests on Gitlab to cover code testing as well.
|